CENTRAL FAX CENTER 

JAN 29 2007 

AMENDMENTS 

1. (Currently Amended) A [[network reference model]] system for [[use in]] configuring 
security software on a computer network, the [[network reference model]] system comprising: 

a database engine providing deduction; 

a network information database associated with the database engine and providing a 
central repository for a configuration of hardware and software installed on the network; and 

a security goal database associated with the database engine and describing uses that the 
hardware and software installed on the network [[may]] are permitted to support. 

2. (Currently Amended) The [[network reference model]] system of claim 1, further 
comprising: 

an event database associated with the database engine and containing events related to the 
network, wherein such events include [[possible attacks against the network and benign events that 
could be confused with the possible attacks]] benign network events, suspected network attacks, 
and actual network attacks. 

3. (Currently Amended) The [[network reference model]] system of claim 1, wherein 
the database engine is an object-oriented description logic database engine. 

4. (Currently Amended) A configuration tool implemented on a computer-readable 
medium for use in configuring security software packages on a computer network, the 
configuration tool comprising: 

a description logic database engine; 

a network information database associated with the description logic database engine and 
providing a central repository for a configuration of hardware and software installed on the 
network; 

a security goal database associated with the description logic database engine and 
providing security goals describing uses that the hardware and software of the network [[may]] are 
permitted to support; 
a first configuration module coupled to the description logic database engine for 
configuring intrusion blocking security software packages; and 

a second configuration module coupled to the description logic database engine for 
configuring intrusion detecting security software packages; 

wherein the first configuration module configures the intrusion blocking security software 
packages based on the configuration of the hardware and software installed on the network and 
the security goals; and 

wherein the second configuration module configures the intrusion detecting security 
software packages based on the configuration of the hardware and software installed on the 
network and the security goals. 

5. (Currently Amended) The configuration tool implemented on a computer-readable 
medium of claim 4, further comprising: 

an event database associated with the description logic database engine and containing 
events related to the network. 

6. (Currently Amended) The configuration tool implemented on a computer-readable 
medium of claim 5, wherein the events contained in the event database include [[possible attacks 
against the network and benign events that could be confused with the possible attacks]] benign 
network events, suspected network attacks, and actual network attacks. 

7. (Currently Amended) The configuration tool implemented on a computer-readable 
medium of claim 4, further comprising: 

a system hardening module coupled to the description logic database engine for 
automating a process of hardening the network. 

8. (Currently Amended) The configuration tool implemented on a computer-readable 
medium of claim wherein the system hardening module is context sensitive. 
9. (Currently Amended) The configuration tool implemented on a computer-readable 
medium of claim 4, further comprising: 

an audit configuration module coupled to the description logic database engine for 
probing the network for vulnerabilities. 

10. (Currently Amended) A configuration tool implemented on a computer-readable 
medium for use in configuring security software packages on a computer network, the 
configuration tool comprising: 

a description logic database engine; 

a network information database associated with the description logic database engine and 
providing a central repository for a configuration of hardware and software installed on the 
network; 

a security goal database associated with the description logic database engine and 
providing security goals describing uses that the hardware and software of the network [[may]] are 
permitted to support; 

an event database associated with the description logic database engine and containing 
events related to the network, wherein the events contained in the event database include [[possible 
attacks against the network and benign events that could be confused with the possible attacks]] 
benign network events, suspected network attacks, and actual network attacks; 

a first configuration module coupled to the description logic database engine for 
configuring intrusion blocking security software packages; 

a second configuration module coupled to the description logic database engine for 
configuring intrusion detecting security software packages; 

a system hardening module coupled to the description logic database engine for 
automating a process of hardening the network; and 

an audit configuration module coupled to the description logic database engine for 
probing the network for vulnerabilities; 

wherein the first configuration module configures the intrusion blocking security software 
packages based on the configuration of the hardware and software installed on the network and 
the security goals; 
wherein the second configuration module configures the intrusion detecting security 
software packages based on the configuration of the hardware and software installed on the 
network and the security goals; and 

wherein the system hardening module is context sensitive. 

11. (Previously Presented) A method for configuring a security software package 
installed on an individual network device, the method comprising: 

using active inference in a database engine to decompose one or more security policies 
for a class of network devices into one or more security goals for the individual network device, 
wherein the individual network device is a member of the class of network devices; and 

configuring the security software package using the one or more security goals. 

12. (Previously Presented) The method of claim 11, wherein using active inference 
further comprises automatically classifying the individual network device based on an IP address, 
a network topology or a service provided by the individual network device, and applying rules to 
the individual network device based on its classification. 

13. (Previously Presented) The method of claim 11, wherein the database engine is an 
object-oriented description logic database engine. 

14. (Previously Presented) The method of claim 11, wherein the security software 
package is selected from the group consisting of an intrusion blocking software package and an 
intrusion detecting software package. 

15. (Previously Presented) A method for configuring a security software package 
installed on an individual network device, the method comprising: 

using active inference in an object-oriented description logic database engine to 
decompose one or more security policies for a class of network devices into one or more security 
goals for the individual network device, wherein the individual network device is a member of 
the class of network devices; and 
configuring the security software package using the one or more security goals; 
wherein the security software package is selected from the group consisting of an 
intrusion blocking software package and an intrusion detecting software package. 

16. (Previously Presented) The method of claim 15, wherein using active inference 
further comprises automatically classifying the individual network device based on an IP address, 
a network topology and one or more services the individual network device provides, and 
applying rules to the individual network device based on its classification. 

17. (Currently Amended) A method for configuring a security software package, the 
method comprising: 

defining one or more security policies for a class of network devices, wherein the security 
software package is a service running on at least one network device of the class of network 
devices; 

using a database engine providing deduction to decompose the one or more security 
policies for the class of network devices into one or more security goals; 

using the database engine providing deduction to associate the one or more security 
goals with the at least one network device; and 

configuring the security software package on the at least one network device using the 
one or more security goals. 

18. (Previously Presented) A method for configuring security software packages, 
comprising: 

generating a first database containing a configuration of hardware devices and software 
packages installed on a network, wherein the software packages include the security software 
packages; 

defining classes of hardware devices installed on the network; 

automatically classifying each of the hardware devices into one of the classes of hardware 
devices using a database engine providing deduction; 

generating a second database containing first security goals; 
decomposing the first security goals into second security goals for individual hardware 
devices using the database engine and the configuration of the hardware devices and the software 
packages installed on the network; and 

configuring each of the security software packages using the second security goals. 

19. (Previously Presented) The method of claim 18, wherein generating a second 
database containing first security goals further comprises generating a second database 
containing first security goals for each class of hardware devices. 

20. (Previously Presented) The method of claim 19, wherein decomposing the first 
security goals into second security goals for individual hardware devices further comprises using 
inference to associate the second security goals with individual hardware devices within each 
class of hardware devices. 
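The following is an added illustration, not the applicant's code and not part of the claims listing: a toy "database engine providing deduction" that walks the procedure of claims 11-20 (automatic classification of devices from IP address, topology and services; decomposition of class-level first security goals into per-device second security goals) and then feeds those goals to the first and second configuration modules and the hardening/audit view of claims 1-10. The inventory, class definitions, policies, the `zone:`/`class:` source selectors and the output rule syntax are all constructed assumptions; evaluating predicate conjunctions stands in for the description-logic reasoning the claims recite.

```python
# Added illustration, not the applicant's code. Inventory, classes, policies,
# the "zone:"/"class:" selectors and the emitted rule syntax are assumptions.
# Predicate evaluation below is a stand-in for a description-logic engine.
from ipaddress import ip_address, ip_network

# Network information database: constructed inventory of installed hardware/software.
NETWORK_DB = {
    "srv-web-1": {"ip": "10.0.1.10", "zone": "dmz", "services": {"http", "https", "ssh"}},
    "srv-db-1": {"ip": "10.0.2.20", "zone": "internal", "services": {"postgres", "ssh"}},
    "srv-db-2": {"ip": "10.0.2.21", "zone": "internal", "services": {"postgres", "telnet"}},
    "ws-42": {"ip": "10.0.3.42", "zone": "office", "services": {"smb"}},
}

# Class definitions: a device is a member when every predicate holds. The
# predicates draw on IP address, topology (zone) and services, as claim 12 recites.
def in_net(cidr):
    return lambda facts: ip_address(facts["ip"]) in ip_network(cidr)
def in_zone(zone):
    return lambda facts: facts["zone"] == zone
def runs(service):
    return lambda facts: service in facts["services"]

CLASSES = {
    "WebServer": [in_zone("dmz"), runs("http")],
    "DatabaseServer": [in_net("10.0.2.0/24"), runs("postgres")],
    "Workstation": [in_zone("office")],
}

def classify(network_db, classes):
    """Automatic classification: the set of classes whose predicates all hold."""
    return {dev: {cls for cls, preds in classes.items() if all(p(facts) for p in preds)}
            for dev, facts in network_db.items()}

# Security goal database (constructed): first security goals per class, stated as
# permitted uses, i.e. service -> symbolic sources allowed to reach it.
CLASS_POLICIES = {
    "WebServer": {"http": {"any"}, "https": {"any"}, "ssh": {"zone:office"}},
    "DatabaseServer": {"postgres": {"class:WebServer"}, "ssh": {"zone:office"}},
    "Workstation": {},
}

def resolve_source(selector, network_db, memberships):
    """Inference step: expand a symbolic source into the addresses it denotes today."""
    if selector == "any":
        return {"0.0.0.0/0"}
    kind, _, value = selector.partition(":")
    if kind == "zone":
        return {f["ip"] for f in network_db.values() if f["zone"] == value}
    if kind == "class":
        return {network_db[d]["ip"] for d, cls in memberships.items() if value in cls}
    raise ValueError(f"unknown source selector {selector!r}")

def decompose(network_db, memberships, policies):
    """Second security goals: per-device {service: allowed sources}, keeping only
    services the inventory says the device actually runs."""
    goals = {}
    for dev, classes in memberships.items():
        dev_goals = {}
        for cls in classes:
            for svc, sources in policies.get(cls, {}).items():
                if svc not in network_db[dev]["services"]:
                    continue  # class permits it, but this device does not run it
                allowed = dev_goals.setdefault(svc, set())
                for src in sources:
                    allowed |= resolve_source(src, network_db, memberships)
        goals[dev] = dev_goals
    return goals

def blocking_config(facts, dev_goals):
    """First configuration module: default-deny firewall that allows only permitted uses."""
    rules = [f"allow {svc} from {src}" for svc in sorted(dev_goals) for src in sorted(dev_goals[svc])]
    return rules + [f"deny all to {facts['ip']}"]

def detecting_config(facts, dev_goals):
    """Second configuration module: alert on listening services that have no permitted use."""
    unsanctioned = facts["services"] - set(dev_goals)
    return [f"alert on connection to {facts['ip']}:{svc}" for svc in sorted(unsanctioned)]

def hardening_findings(network_db, goals):
    """Hardening/audit view: services with no permitted use are candidates to disable."""
    return {dev: sorted(f["services"] - set(goals[dev]))
            for dev, f in network_db.items() if f["services"] - set(goals[dev])}

def run(network_db=NETWORK_DB, classes=CLASSES, policies=CLASS_POLICIES):
    memberships = classify(network_db, classes)
    goals = decompose(network_db, memberships, policies)
    return {
        "classes": memberships,
        "goals": goals,
        "blocking": {d: blocking_config(f, goals[d]) for d, f in network_db.items()},
        "detecting": {d: detecting_config(f, goals[d]) for d, f in network_db.items()},
        "hardening": hardening_findings(network_db, goals),
    }

if __name__ == "__main__":
    for section, content in run().items():
        print(section, content)
```

Because the goals are phrased as permitted uses, the blocking module only ever emits allow rules plus a final deny, and the detecting module alerts on exactly the complement: in the constructed inventory `srv-db-2` listens on telnet, which no class policy permits, so it gets a deny-by-default firewall with a single postgres allow, an alert rule for telnet, and a hardening finding. Re-running `run()` after the inventory changes (a new web server, a moved workstation) recomputes class membership and therefore every `class:`/`zone:` expansion, which is the point of keeping goals symbolic in the goal database and resolving them by inference rather than hard-coding addresses.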